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DETAILED ACTION 

1. This Office action is in response to the amendnnent filed on August 10, 2006. 

2. Claims 56-68 are pending. 

Response to Amendment 

3. The objection to claim 66 is withdrawn as the amendment overcomes the 
objection. 

4. The 112/2"^ paragraph rejections are withdrawn as the amendment overcomes 
the 112/2"^ paragraph rejections. 

Response to Arguments 

5. Applicant's arguments regarding the prior art rejections have been fully 
considered but they are not persuasive. 

6. Applicant's argument as presented in the "Remarks", under the section 
"Paragraph 12". A. (i) [p. 5-6], are deficient for two reasons. First, applicant argues, 
"Korn at col. 3, lines 15-18 discloses such hypertext object would reference an original 
script with appended hash commands, not an encrypted script. The hashed commands 
and the original script subsequently may be encrypted to hide a public key protecting 
the hashed commands appended to the script. Korn does not teach a worker skilled in 
the art to store an encrypted script." However, it appears that applicant's reading of 
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Korn ignores more relevant portions of the disclosure. On col. 2:25-35 and col. 3:15-18, 
Korn teaches 

In one embodiment of the invention, a script in a World Wide Web page ("Web page", "Web 
document", or "HyperText Markup Language (HTML) document") is hashed and encrypted. A 
control in the Web page, such as ActiveX, decrypts and hashes the script to verify the script has 
not been altered or tampered with, before executing or causing to execute the script. In this 
manner, one can serve to a client web pages that contain interactive content or that execute local 
applications in a secure fashion. The described embodiment involves a script that may be 
invoked by a Web browser application, or more particularly, by a control in a Web page 
downloaded by the Web browser application.... The script, including the signed hashed values 
and public key, if present, may be encrypted using a symmetric key 107 to provide a second level 
of encryption. 

Clearly, contrary to applicant's allegations, Korn expressly discloses storing an 
encrypted script ["a script in a World Wide Web page (Web page', *Web document', or 
'HyperText Markup Language (HTML) document') is hashed and encrypted."] 

Second, the argument is piecemeal and it does not consider the teachings of 
W3C. One cannot show nonobviousness by attacking references individually where the 
rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 
208 USPQ 871 {CCPA^98^)\ In re Merck & Co., 800 F.2d 1091,231 USPQ 375 (Fed. 
Cir. 1986). W3C discloses incorporating a hypertext object within an HTML page to 
invoke remotely located objects to enable greater flexibility to store and retrieve 
programs and data sets. Section 13.3 and 13.4. It is the combined teachings of Korn 
and W3C that disclose the limitation in question. 
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7. With respect to applicants arguments under section Paragraph 12:A(ii) and (iii), 
applicant suggests the following: "Korn at col. 3, lines 35-37 discloses a user visiting a 
web server [and the user] downloads a web page containing interactive content. Korn 
does not disclose a user sending a request to a web server," and "[t]here is no basis in 
Korn for the web server to receive a URL and fetch a modified web page. The user 
completes this task by visiting the web site and downloading the web page containing 
interactive controls." It appears applicant is making the distinction that the step of 
"visiting a web server" or "visiting the web site and downloading the web page" are 
distinct from the actions of "a user sending a request to a web server" and "the web 
server to receive a URL" to fetch a web page. However, applicant supplies no rational 
as to why such a distinction exists. The invention of Korn is describing a transaction 
between a web server serving HTML web pages with embedded controls in the web 
page to decrypt an encrypted script, and a web browser, which receives the modified 
web page from the server. In this transaction, applicant's alleged distinction does not 
exist. A user visiting a web server to download a web page containing interactive 
content via a web browser {Korn, col. 2:33-35) necessarily sends a request to a web 
server. For example, when a user visits a web site and downloads a web page, he or 
she enters a URL into their browser to "visit" the site, and the web server receives this 
URL request. This step is equivalent to "sending a request to a web server" and the 
"web server to receive a URL." 
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8. With respect to applicanf s arguments under section Paragraph 12:A(iv-viii), 
again, these are piecemeal arguments and they do not consider the teachings of Korn 
as modified by W3C. The teachings of the two references and the reasons to combine 
are supplied below in the rejections. 

9. With respect to applicant's arguments under section Paragraph 12:A(ix), the 
teaching of the prior art is considered in terms of its whole. There is nothing in the prior 
art or in the Specification of applicant's invention to suggest that because Korn 
discloses additional features beyond what is claimed by applicant, Korn is irrelevant. 
On the contrary, Korn is relevant because it teaches those features specifically claimed 
by the applicant. 

Further, in reply to applicant's argument that Korn modified by W3C is 
inoperative, applicant does not provide a sufficient rational for this argument. 
Applicant's claim that the modification is inoperative due to performing unnecessary 
steps is not a sufficient basis for being inoperable. In general, an invention can perform 
superfluous steps and still remain operable. Rather, the performance of unnecessary 
steps is an issue that suggests an undesirableness to combine two references. With 
regard to the desirability to combine the two references, the motivation to combine the 
two references is addressed both above and below. Furthermore, in reply to applicant's 
claim that the modification is inoperative due to the absence of cryptographic key 
functions in encrypting and decrypting hash commands and the script, a runtime 
environment to decrypt the hash command and the script, and the absence of a 
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comparator to decrypt the script, the test for obviousness is not whether the features of 
a secondary reference may be bodily incorporated into the structure of the primary 
reference; nor is it that the claimed invention must be expressly suggested in any one or 
all of the references. Rather, the test is what the combined teachings of the references 
would have suggested to those of ordinary skill in the art. See In re Keller, 642 F.2d 
413, 208 USPQ 871 (CCPA 1981). Moreover, the combination of Korn and W3C are 
readily combinable, contrary to applicant's allegation. W3C discloses, inter alia, means 
to incorporate references to a remote object into an HTML page. This means is 
suggested as a modification within a web page separate from the concerns of the 
environmental setup to express the web page. There is nothing in the art to suggest 
that incorporating the teachings of W3C into the scheme of Korn would render the 
invention inoperable. Hence, because Korn discloses encryption and decryption 
techniques on a web script in the context of an HTML web page, as well as runtime 
environments for these cryptographic procedures, and storage and retrieval of these 
encrypted web scripts, the combination of Korn and W3C cover the limitation of the art. 

For the aforementioned reasons, applicant's arguments against the rejection of 
claim 56 are not persuasive. 

Applicant's arguments with regard to the rejections of claims 57-61 and 67-68 are 
unconvincing for the same reasons state above. Hence, these claims remain rejected 
under the prior art of record. 
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In reply to applicant's argument that the prior art does not suggest modifying 
Korn to perform concurrent tasks in the manner described by claims 62-64, examiner 
disagrees. The rejections below are based on the combined teachings of Korn, W3C 
and Hall, wherein Hall explicitly discloses performing concurrent tasks for the purpose of 
maintaining efficiency and convenience. Moreover, the examples by Hail illustrate 
multi-tasking based on discrete tasks (pgs. 752-760, listings 14.4, 14.10 and 14.12), 
which suggest multi-tasking individual steps. Because Korn and W3C combined 
disclose the individual steps of applicant's claimed invention, and Hall provides 
motivation to perform separate steps in a concurrent manner, the prior art of record 
disclose the inventions of claims 62-66. 

For these reasons, the applicant's arguments are not persuasive and the claims 
remain rejected under the prior art of record. 

It is noted that applicant states "[t]he rejection [to the claims] contravenes the 
comments made by the Examiner and Supervisory Examiner at the Interview conducted 
September 21, 2005 that describing multiple downloads in the claims would overcome 
the cited art." (Remarks, p. 12) As a point of clarification, no such statement was made 
by either the examiner or the supervisor. During the interview of September 21 , 2005, 
applicant's representative suggested the aforementioned amendments to the claims to 
overcome the references of the prior art. The response of both the examiner and the 
supervisor was that consideration to the proposed amendments would be given to an 
RCE due to the fact that the amendments are new issues that would require further 
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search and consideration. This is consistent with the interview summary mailed on 
9/21/06. 

Claim Rejections - 35 USC § 103 

10. Claims 56-61, 67 and 68 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Korn U.S. Patent No. 6,880,083 (hereinafter Korn) in view of W3C 
HTML 4.01 Specification (hereinafter W3C). 

11. As per claim 56, Korn discloses a method executable in a computer for restricting 
access to a script in a computer comprising the steps of: 

a. storing a modified web page in a web server including a hypertext object 
having a reference to a decryption program (col. 2:14-30 and lines 34-35; 3:32 
and lines 37-38); 

b. storing an encrypted script in a web server and storing a decryption 
program on a server capable of decrypting the encrypting script (Korn, col. 2:14- 
30; 3:15-20, 30-33); 

c. sending a first URL request to the web server for the modified web page 
by a web browser in a computer (3:36); 

d. receiving the first URL request at the web server and fetching the modified 
web page for a first download to the web browser, wherein a user's browser 
downloads the encrypted script and the decryption program (Korn, 3:36-38); 
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e. decrypting the encrypted script by the run-time environment to produce a 
script for transmittal to and execution by the web browser (Korn, 3:59-60; an 
applet runs in a JRE). 
2. Korn does not expressly teach the hypertext object including a reference to the 
encrypted script, nor does Korn explicitly disclose the steps of sending a second and 
third URL request and receiving the second and third URL request as recited in claim 
56. W3C teaches incorporating a hypertext object within an html page to invoke 
remotely located objects that perform dynamic tasks, including functions defined by 
applets; furthermore, the hypertext object includes parameters to identify the location of 
remote data read in by the objects to perform the dynamic tasks (section 13.3, 
especially section 13.3.1 "Rules for rendering objects" and 13.3.2 "Object initialization: 
the PARAM element"; section 13.4). In this prior art, objects such as applets are 
rendered in the following order: a user agent first renders the object (pg. 8 of section 
1 3.3.1 "Rules for rendering objects," "The user agent must first try to render the object"), 
and when the object is rendered, the user agent searches for PARAM elements as 
parameters for the objects (pg. 12 of section 13.3.2 "Object initialization: the PARAM 
element," "When an OBJECT element is rendered, user agents must search the content 
for only those PARAM elements that are direct children and "feed" them to the 
OBJECT") In one example, a hypertext object in a modified web page (the <OBJECT> 
tag in an html page) references the object using a URL ("<OBJECT 
classid="http://www.gifstuff.com/gifappli" [first line of pg. 12 of section 13]) and also 
references the run-time data to "feed" into the object as a URI 
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("value="./images/elvis.gif [4*"^ line of pg. 12 of section 13]). It would be obvious to one 
of ordinary skill in the art at the time the invention was made to store a hypertext object 
including a reference to the encrypted script (OBJECT tag) in a modified web page and 
a reference to the decryption program (PARAM attributes), whereby access for 
restricting access to the script includes the following steps: sending a second URL 
request to the web server initiated by the user for the decryption program (Korn, 3:38: 
"clicking on an applet"); receiving the second URL request at the web server and 
fetching the decryption program for a second download to the web browser (classid and 
codebase attributes define URIs to request and retrieve the object); retrieving the URL 
reference to the encrypted script in the modified web page by the web browser; sending 
a third URL request to the web server initiated by a runtime environment for the 
encrypted script; and receiving the third URL request by the web server and fetching the 
encrypted script for a third download to the run-time environment (PARAM attribute 
value is a URI designating a resource [last line of page 1 1 of section 13]; applets are 
rendered and run in a JRE). One would be motivated to do so since the invocation of 
remote objects and remote data sets using hypertext enables access to dynamic 
programs and data sets from a remote location, which enables greater flexibility to store 
and retrieve programs and data sets (W3C, ibid). The aforementioned cover the 
limitations of claim 56. 

3. As per claim 57, the rejection of claim 56 under 35 USC 103(a) as being 
unpatentable over Korn in view of W3C is incorporated herein, (supra) In addition, Korn 
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and W3C further teach or suggest detecting in the first download by the web browser a 
URL reference in the modified web page to a decryption program (Korn, col. 3:37-38; 
W3C, pg. 9 of section 13, "classid"). 

4. As per claim 58, the rejection of claim 56 under 35 USC 103(a) as being 
unpatentable over Korn in view of W3C is incorporated herein, (supra) In addition, Korn 
and W3C further teach or suggest detecting in the second download by the web 
browser a URL reference to an encrypted script in the modified web page (Korn, col. 
3:37-38; W3C, pg. 12 of section 13, "PARAM" and "value="./images/elvis.gir>"). 

5. As per claim 59, the rejection of claim 56 under 35 USC 103(a) as being 
unpatentable over Korn in view of W3C is incorporated herein, (supra) In addition, Korn 
and W3C further teach or suggest invoking the decryption program with the reference to 
the encrypted script by the web browser for execution by the run-time environment. 
(Korn, col. 3:37-38, an applet runs in a JRE) 

6. As per claim 60, the rejection of claim 56 under 35 USC 1 03(a) as being 
unpatentable over Korn in view of W3C is incorporated herein, (supra) In addition, Korn 
and W3C further teach or suggest the web browser is a multi-tasking browser (Korn, 
col. 1:12-13; 2:35: IE is a multi-tasking browser). 
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7. As per claim 61 , the rejection of claim 56 under 35 USC 1 03(a) as being 
unpatentable over Korn in view of W3C is incorporated herein, (supra) In addition, Korn 
and W3C further teach or suggest the run-time environment is a multi-tasking run-time 
environment (applets run in an JRE, which is a multi-tasking run-time environment). 

8. As per claims 67 and 68, they are claims corresponding to claims 56-59, and 
they do not teach or define above the information claimed in claims 56-59. Therefore, 
claims 67 and 68 are rejected as being unpatentable over Korn in view of W3C for the 
same reasons set forth in the rejections of claims 56-59. 

12. Claims 62-66 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Korn in view of W3C, and further in view of Hall CORE Web Programming . Chapter 14, 
"Concurrent Programming using JAVA Threads" (hereinafter Hall). 

9. As per claims 62-66, the rejection of claim 60 under 35 USC 103(a) as being 
unpatentable over Korn in view of W3C is incorporated herein, (supra) Neither Korn nor 
W3C explicit disclose or suggest launching concurrent tasks by the multi-tasking 
browser when the web page is loaded into the web browser; wherein the first concurrent 
task sends the second URL request to the web server for the decryption program; 
wherein the second concurrent task sends the third URL request to the web server for 
the encrypted script; wherein the multi-tasking runtime environment suspends to wait for 
the multi-tasking runtime environment to detect that the multitasking web browser has 
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stored the encrypted script; wherein the multi-tasking browser triggers the multitasking 
runtime environment to synchronize the first and the second concurrent task by 
detecting the availability of the encrypted script. However, multitasking is a notoriously 
well-known means in the art to configure tasks within an application to enable the 
benefits of concurrent programming. For example, Hall discloses utilizing threads within 
an applet run on a Netscape Browser to perform concurrent tasks for the purpose of 
efficiency and convenience (pg. 749, introduction and pgs. 750-760; pgs. 770). Hall 
further discloses arbitrating contention for resources by locking code for a given thread 
and notifying other thread when the lock is released by the given thread; this process 
ensures that the locked code is available only when the thread locking the code is 
finished executing the code, which prevents improper execution of the code (pg. 760- 
762; pg. 766, "notifyQ" and "notifyAIIQ") In the case of the tasks for submitting the URLs 
for the decryption program and the encrypted script, these are atomic tasks that do not 
require a necessary order for proper operation, and hence, concurrent submission of 
the URL for the decryption program and encrypted script are obvious variants in view of 
Hall. Moreover, the step of suspending the runtime environment to detect multitasking 
web browser has stored the encrypted script, wherein the multitasking browser triggers 
the runtime environment to synchronize the first and second concurrent task by 
detecting the availability of the encrypted script is an obvious enhancement since 
decryption of the script can only proceed when the encrypted script is available locally 
within the browser. Therefore, it would be obvious to one of ordinary skill in the art at 
the time the invention was made to launch concurrent tasks by the multi-tasking 
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browser when the web page is loaded in to the web browser; wherein the first 
concurrent task sends the second URL request to the web server for the decryption 
program; wherein the second concurrent task sends the third URL request to the web 
server for the encrypted script; wherein the multi-tasking runtime environment suspends 
to wait for the multi-tasking runtime environment to detect that the multitasking web 
browser has stored the encrypted script; wherein the multi-tasking browser triggers the 
multitasking runtime environment to synchronize the first and the second concurrent 
task by detecting the availability of the encrypted script. One would be motivated to do 
so to perform the task more quickly in a multithreaded environment and for the sake of 
convenience. (Hall, pg. 749) The aforementioned cover the limitations of claims 62-66. 



Conclusion 

1 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .1 36(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Communications Inquiry 



Any inquiry concerning this comnnunication or earlier connnnunications from the 
examiner should be directed to Jung W. Kim whose telephone number is 571-272-3804. 
The examiner can normally be reached on M-F 9:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 





Jk 

September 12, 2006 



GILBERTO BARRON 




SUPERVISORY PATENT EXAWini 
TECHNOLOGY CENTER 2100 



